Very nice. But this looks like it as part of the whole easyRSA
effort, not something I can easily feed into the openssl command to
create the cert. It would take a fair bit of digging to dig out
what I need for now. Definitely something I will look into soon, as providing a simple PKI for a small installation has long been on my list. But the effort name is limiting. What about ECDSA and EDDSA certs? :) On 03/10/2017 06:58 AM, Jochen Bern
wrote:
On 03/10/2017 01:10 AM, openssl-users-request@xxxxxxxxxxx digested:Thing is that this then prompts for a number of fields:[...]Is there some 'simple' way to provide these answers? Like with env variables?Yes, and as others have already pointed out, there's also the possibility of command line parameters given to OpenSSL. A publicly available set of scripts that makes heavy use of the env var method and might serve as an example would be easyRSA (here, version 3):# grep EASYRSA_REQ_ openssl-1.0.cnf commonName_default = $ENV::EASYRSA_REQ_CN countryName_default = $ENV::EASYRSA_REQ_COUNTRY stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE localityName_default = $ENV::EASYRSA_REQ_CITY 0.organizationName_default = $ENV::EASYRSA_REQ_ORG organizationalUnitName_default = $ENV::EASYRSA_REQ_OU commonName_default = $ENV::EASYRSA_REQ_CN emailAddress_default = $ENV::EASYRSA_REQ_EMAIL# grep EASYRSA_REQ_ easyrsa | grep -v ';;' [ $EASYRSA_BATCH ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA" [ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1" EASYRSA_REQ_CN="$name" set_var EASYRSA_REQ_COUNTRY "US" set_var EASYRSA_REQ_PROVINCE "California" set_var EASYRSA_REQ_CITY "San Francisco" set_var EASYRSA_REQ_ORG "Copyleft Certificate Co" set_var EASYRSA_REQ_EMAIL me@xxxxxxxxxxx set_var EASYRSA_REQ_OU "My Organizational Unit" set_var EASYRSA_REQ_CN ChangeMehttps://github.com/OpenVPN/easy-rsa Kind regards, |
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users